A TECHNICAL ISSUE with the Irish Aviation Authority’s (IAA) drone register allowed registered drone owners to access personal details of others on the system.
All drone owners are required to register with the IAA and the authority said some 2,000 people have signed up to its online database.
The breach, which allowed registered users to view names, addresses, email addresses and phone numbers of other people registered on the site, was brought to the attention of the authority on Sunday night.
In a statement to TheJournal.ie, the IAA revealed it was aware of four users who downloaded the file.
“These people were members of the drone or aeromodelling community, who had registered their small unmanned aircraft on the system.”
The IAA said the system was not hacked and no unauthorised access was gained by the general public, just registered users.
Upon notification of the erroneous permission the IAA worked with its system supplier, CGH to quickly resolve the matter. The system was taken offline, fixed, tested and restored within two hours. We have advised the office of the Data Protection Commissioner of this error.
The office of the Data Protection Commissioner confirmed it was investigating the breach.
Users who downloaded the file, inadvertently or otherwise, are being urged to destroy the material. They are obliged to do so in accordance with data protection laws.
“Data privacy is of the utmost importance to our organisation. We have swiftly taken measures to address the issue and to ensure that the data integrity of the Asset system is maintained,” the IAA said.
“The IAA wishes to sincerely apologise for the concern or any inconvenience as a result of this event.”